Граф коммитов

454 Коммитов

Автор SHA1 Сообщение Дата
mstoltz%netscape.com 00ba04ac0e bug 77485 - exploit inserting a function into another window using targeted
javascript URL links. Two-part fix: moving the call to GetCurrentDocumentOwner
in nsDocShell::LoadInternal to before the target docshell is called, and
changing nsScriptSecurityManager::GetFunctionObjectPrincipal to only get
the principal from the function object's scope chain if the function object's
principal is the system principal. r=jst, sr=vidur, a=asa.
2001-05-30 02:22:22 +00:00
ddrinan%netscape.com a86397a93a PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org 2001-05-23 22:06:43 +00:00
mstoltz%netscape.com edf3f8a6e9 Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 2001-05-19 00:33:51 +00:00
blizzard%redhat.com e1e5c32a99 Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com 201736a175 Bug 47905 - adding security check for XMLHttpRequest.open.
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com 822c76926e Fixing bug 78831 - treat chrome and resource URLs the same in the
URL loading check and give them access to each other. r=pavlov,
 sr=brendan. This allows us to turn on the fix (already reviewed)
for 69070.
2001-05-15 22:47:21 +00:00
mstoltz%netscape.com cbe1b93f17 *** empty log message *** 2001-05-15 06:43:12 +00:00
mstoltz%netscape.com a2efeb43e7 bug 79445, fixing crash with some event handlers (null pointer dereference)
r/sr=brendan@mozilla.org. Also fixed a typo in prefs that would have reopened
bug 56009.
2001-05-15 04:44:54 +00:00
mstoltz%netscape.com f2b3d870ba bug 79916 - was using | instead of &, causing a security hole. r=jband, sr=brendan. 2001-05-11 00:53:21 +00:00
mstoltz%netscape.com d0f2b845b9 Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
dmose%netscape.com d9fefe861d more REQUIRES bustage fixing for senna; unicharutil dependency has been introduced because caps wants nsIDocShell which wants nsIPresContext 2001-05-10 18:48:46 +00:00
jst%netscape.com 61f5b1d1a1 Temporary workaround for the composer and other related problems caused by security manager problems, change by mstoltz@netscape.com, r=jst@netscape.com 2001-05-09 02:53:46 +00:00
jst%netscape.com adf1d8320a Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 2001-05-08 16:46:42 +00:00
ccarlen%netscape.com df1a6e78a8 Bug 78745 - nsIPromptService::ConfirmEx needs to be more flexible. r=valeski, sr=sfraser 2001-05-06 15:03:55 +00:00
kandrot%netscape.com d5bd552195 Check in for Ron Guilmette. r=shaver, sr=waterson. For intl r=nhotta. Changes for NS_IMPL_NSGETMODULE. bug #46775. 2001-05-05 05:33:37 +00:00
mkaply%us.ibm.com 1e48cea7cc #76913
r=mstoltz, sr=brendan
Fix some calling convention - PR_ to JS_
2001-05-02 00:02:59 +00:00
cls%seawood.org 25c6dc1c7e Set EXPORT_LIBRARY=1 in all pertinent Makefile.ins. Allows us to build the final link list as we traverse the tree. Bug #46775 2001-04-28 19:48:12 +00:00
valeski%netscape.com 9e8d80d70f mozilla diffs r=tao, sr=alecf, commercial diffs r=syd, sr=syd/shaver. lower-casing JS calls to createBundle. removing un-used nsILocale param from nsIStringBundle::CreateBundle(). 76332 2001-04-27 21:30:24 +00:00
sfraser%netscape.com 5e35cbdbc0 Backing out valeski 2001-04-27 05:53:22 +00:00
valeski%netscape.com def10e77f9 mozilla tree r=tao, sr=alecf. commercial tree r=syd, sr=syd/shaver. lowercasing the first char in JS method calls to createBundle. removing the dead locale parameter in the CreateBundle() method call. 76332 2001-04-27 04:16:22 +00:00
bnesse%netscape.com 19dccef1bc Prefs API refactoring. Bug #46863. r=valeski, sr=alecf. 2001-04-26 18:41:11 +00:00
ccarlen%netscape.com fad24de4ee Bug 46859 - Remove UniversalDialog. r=valeski/sr=rpotts,sfraser/a=blizzard 2001-04-21 00:26:18 +00:00
bryner%uiuc.edu cbc8cea88c Backing out bnesse's fix for bug 46863 due to numerous types of runtime bustage on linux and windows. a=brendan. 2001-04-20 06:45:56 +00:00
bnesse%netscape.com 6a048b1a8f Landing PrefAPI refactoring bug 46863. r=valeski, sr=alecf, a=blizzard. 2001-04-19 22:21:39 +00:00
mstoltz%netscape.com c302defdcd More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
r=beard, sr=hyatt
2001-04-17 01:21:44 +00:00
dbaron%fas.harvard.edu 1f23f5941d Fix leaks of global objects. b=76091 r=mstoltz@netscape.com sr=hyatt@netscape.com 2001-04-17 00:12:28 +00:00
shaver%mozilla.org e2dc3d6d88 75152: Remove GetVersionNumber stub in favour of upcoming, less-invasive
preloader strategy. r=jag, sr=attinasi.
2001-04-11 14:23:13 +00:00
disttsc%bart.nl 748e1ece2f Clean up MODULE/REQUIRES, bug=73353, r=cls 2001-04-08 08:33:11 +00:00
dbaron%fas.harvard.edu 60d5b49964 Fix MOZ_TRACK_MODULE_DEPS (senna tinderbox) bustage by adding new header file dependencies to REQUIRES. 2001-04-07 04:29:01 +00:00
danm%netscape.com 378b2f48b9 removing use of nsNetSupportDialog. bug 72112 continued. r=hyatt,morse,mstoltz,various 2001-04-07 03:33:56 +00:00
dprice%netscape.com 3e31ab9946 65845 - new order files 2001-04-05 06:02:32 +00:00
rickg%netscape.com c1ce80ae83 preloader update. r=peterl, sr=attinasi 2001-04-03 22:58:59 +00:00
disttsc%bart.nl 96f5f6cf31 Add "gfx2" and "imglib2" to REQUIRES lines in Makefile.in for MOZ_TRACK_MODULE_DEPS builds (e.g. senna) 2001-03-30 10:39:06 +00:00
disttsc%bart.nl 812a462213 Fix MOZ_TRACK_MODULE_DEPS bustage 2001-03-23 08:44:39 +00:00
disttsc%bart.nl 9149e8b0b4 Fix MOZ_TRACK_MODULE_DEPS bustage. 2001-03-23 08:16:59 +00:00
mstoltz%netscape.com b26a1f0451 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
2001-03-23 04:22:56 +00:00
blakeross%telocity.com de8b54d4c3 Fix 49334: gopher support, minor restructuring of directory viewer. necko: r=darin,dougt sr=rpotts other: r=waterson,mstoltz,jag sr=alecf
Fix 70404: assertions or datetime and finger. r=dougt, sr=rpotts

Both patches by Bradley Baetz (bbaetz@cs.mcgill.ca)
2001-03-14 02:42:39 +00:00
dprice%netscape.com 1b42d68e45 71057 sr=waterson new order files. NOT PART OF THE REGULAR BUILD 2001-03-13 10:47:37 +00:00
valeski%netscape.com a8e9bc5bd5 sr=rpotts, r=gagan. 70743. switching over to new extensible URI::SchemeIs() api 2001-03-13 02:02:05 +00:00
suresh%netscape.com b02946cae2 Adding aim protocol to the list. No Specific bug number. r=syd. sr=mstoltz 2001-03-07 05:58:45 +00:00
beard%netscape.com 4122626e4f Switch from NS_STATIC_CAST to NS_REINTERPRET_CAST to fix bustage on Mac. r=mstoltz 2001-03-02 01:13:35 +00:00
mstoltz%netscape.com 6672d1a27a bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 2001-03-02 00:09:20 +00:00
dprice%netscape.com 5184a7104b # 65845 sr=waterson, new order files will greatly reduce the number of link warnings. 2001-02-27 04:38:19 +00:00
mstoltz%netscape.com 407dac60d8 bug 63451 - moved signature verification functions from nsIZipReader to nsIJAR. r=sgehani, sr=shaver 2001-02-23 00:15:04 +00:00
disttsc%bart.nl 744785129a Mass REQUIRES update to synch up with string lib and xul changes in an attempt to fix senna bustage. r=jst, sr=cls 2001-02-22 09:35:51 +00:00
mstoltz%netscape.com 8720e0c142 Bug 66331, nsCodebasePrincipal::GetOrigin needs to specify the port
if nonstnandard. Fixes a bug in LiveConnect. r=dougt, sr=jband.
2001-02-14 00:27:34 +00:00
dprice%netscape.com 343dcec924 65845 First cut of the order files 2001-02-13 02:34:59 +00:00
beard%netscape.com 234eb9d4b5 fix for bug #63466, r=mstoltz, sr=brendan, a=leaf 2001-02-12 07:47:28 +00:00
gagan%netscape.com cded3e2f30 Optimization for scheme comparison of URIs. See bug 66577 for details. r=darin, sr=brendan@mozilla.org 2001-01-31 01:33:03 +00:00
mstoltz%netscape.com d1ff4c4a38 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 2001-01-27 01:42:20 +00:00
bryner%uiuc.edu 3c4d17f118 Removing .cvsignore file so this directory will go away. Not part of build. 2000-12-28 21:08:29 +00:00
jband%netscape.com e383c347e4 fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 2000-11-30 05:32:08 +00:00
cls%seawood.org 8bd122b3d5 Resurrect REQUIRES so that we have some sort of means to track intermodule dependencies. Bug #59454 r=blizzard@mozilla.org 2000-11-20 07:16:06 +00:00
dbaron%fas.harvard.edu d932c515d5 Make nsDestroyJSPrincipals stop confusing the leak stats by calling AddRef, but not when the refcount is 0. r=mstoltz@netscape.com sr=brendan@mozilla.org b=59135 2000-11-08 03:06:57 +00:00
mstoltz%netscape.com 3161a54c16 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan
2000-11-07 01:14:08 +00:00
mstoltz%netscape.com 0caa769ac2 Bug 57937, signed frames denied access to unsigned frames. r=mccabe, sr=brendan 2000-10-30 20:05:07 +00:00
warren%netscape.com 4189314fdb Bug 47207. Backing out logging/PRINTF changes until we can fix stopwatch.h, introduce double parens, etc. 2000-10-28 22:17:53 +00:00
warren%netscape.com 6e35f97e31 Bug 47207. Changing printf to PRINTF to use new logging facility. r=valeski,sr=waterson 2000-10-27 22:43:51 +00:00
mscott%netscape.com 4b5a54deb0 Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of it's containing iframe.
this code was contributed by mstoltz.
r=beard, sr=mscott
2000-10-24 00:52:02 +00:00
pollmann%netscape.com 87208694ab Bug 13871: Prevent frameset spoofing r=mstoltz, sr=mscott, a=rpotts 2000-10-19 10:25:49 +00:00
mstoltz%netscape.com 99a2b79580 Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc 2000-10-13 22:59:47 +00:00
mstoltz%netscape.com 940c5078d1 Fixing 52497, security problem in document.implementation, r=jst a=brendan 2000-09-20 23:38:28 +00:00
warren%netscape.com 075350b1c8 Landing jar packaging from jar_restructuring_branch. r=hyatt,dprice,sfraser,dveditz,vishy,sgehani 2000-09-20 19:35:24 +00:00
jband%netscape.com c53517dae2 fix memory corruption bug 52382. r=mstoltz 2000-09-14 08:48:53 +00:00
rayw%netscape.com 6cc70ebd6c Bug 37275, Changing value of all progids, and changing everywhere a progid
is mentioned to mention a contractid, including in identifiers.

r=warren
2000-09-13 23:57:52 +00:00
jdunn%netscape.com 3ebb4117a1 Fix warning which requires a return value from functions
r= brendan@mozilla.org scc@mozilla.org
#= 52254
2000-09-13 11:29:18 +00:00
mstoltz%netscape.com 397dd0a60e bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg 2000-09-09 00:53:21 +00:00
mstoltz%netscape.com 586719c321 bug 50304, adding "static" to security policy struct, should save some memory and time. r=rogerl 2000-09-07 19:03:23 +00:00
scc%mozilla.org 5e20db47e1 more GCC fixes 2000-09-03 06:41:18 +00:00
jtaylor%netscape.com c872b76899 Not part of build. Adding security regression test suite driver (mozDriver). 2000-08-29 21:50:56 +00:00
dp%netscape.com 6131f92863 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson 2000-08-22 06:02:14 +00:00
mstoltz%netscape.com 88846ce93b Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 2000-08-22 02:06:52 +00:00
warren%netscape.com 930a05de5a Fix for hash code performance problem discovered by bienvenu. 'Sampling' hash code was statistically evil. 2000-08-20 21:29:10 +00:00
shaver%mozilla.org ef25ecf277 Fix 47354 and 39975 by providing a system-privileged scope backstop for
JS Components, and teaching the ScriptSecurityManager to check for
XPC-wrapped native objects in the scope chain when looking for an
object's principal. r=jband/a=brendan
2000-08-16 04:01:02 +00:00
dougt%netscape.com 7934ec7c51 Changing the nsDirectoryService define. This should have been done with the rest of the nsDirectorySerivce changes. r=conrad. 2000-08-14 22:38:27 +00:00
jtaylor%netscape.com 7fffe0e83e Fixes bug #45877. r=mstoltz. 2000-08-11 03:11:24 +00:00
warren%netscape.com 4af572e4c1 Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson 2000-08-10 06:19:37 +00:00
jband%netscape.com 02b25f73f7 fix bug 47410. Allow JS components to implement nsISecurityCheckedComponent and have sidebar componnet implement it to allow access from untrusted scripts. a=brendan@mozilla.org a=johng@netscape.com 2000-08-08 23:59:32 +00:00
warren%netscape.com 4967b0a7cc Getting jar files in shape. Mostly works on unix, status bar missing (not in build yet). 2000-08-02 06:48:45 +00:00
mstoltz%netscape.com 86eadd802e Fixing 40159, nasty infinite recursion on startup. r&a=beard 2000-07-26 04:53:01 +00:00
mstoltz%netscape.com 3706de2b9a fix for 42387, r=dveditz 2000-07-20 01:16:15 +00:00
mstoltz%netscape.com 4d0c283076 Fixing 40159 and 44822, both [nsbeta2+] regressions on signed scripts. r=sgehani 2000-07-12 03:10:33 +00:00
cls%seawood.org 062c8bd937 Start tedious process of removing obsolete mozilla/include files from build. This patch should take us down to 19 of 101. Bug #38061 2000-07-10 07:13:31 +00:00
mstoltz%netscape.com 0b9feb28b2 DOM properties default to same origin access only. Bug 28443. r=rginda 2000-07-05 19:08:20 +00:00
dcone%netscape.com 8591431bbb Added the IDL file for Vidur. 2000-06-23 15:22:38 +00:00
vidur%netscape.com b22731f07d Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 2000-06-23 14:32:38 +00:00
joki%netscape.com ac67aba0ee Part of fix for 38117, prevent scripts from running event handlers on windows from other domains. r:mstoltz 2000-06-21 00:21:50 +00:00
mstoltz%netscape.com 7cae8bc0cc Dogfood bug 42076 - allowing file:// urls to load chrome:// URLs. r=evaughan. 2000-06-16 22:22:38 +00:00
warren%netscape.com 958ed96edd Renaming nsIAllocator to nsIMemory (and nsAllocator to nsMemory). API cleanup/freeze. Bug #18433 2000-06-03 09:46:12 +00:00
mstoltz%netscape.com 05de905adb On Mac, we should look for systemSignature.jar in Essential FIles, not the bin directory. Bug 40468, r=sgehani, a=clayton. 2000-06-02 22:22:11 +00:00
mstoltz%netscape.com ab8668d6b4 Fix for 16858 w/o breaking directory browser. r=waterson a=beard 2000-06-01 23:57:48 +00:00
mstoltz%netscape.com c54ae2cb3c Fixed bug in DOM security checks, fixes bug 37907, 23516. Added security check for htmlelement.innerhtml, fixes 39083. Added location check to BASE HREF=, fixes 35859. r=vidur. Added check to style= tag, fixes 16858, r=pierre. 2000-05-26 23:28:40 +00:00
cls%seawood.org 1165ad3a33 Mass replace of -lmozjs with $(MOZ_JS_LIBS) needed for OS/2 and consistency. 2000-05-17 06:45:45 +00:00
mstoltz%netscape.com 5e94ace8c8 Allow scripting of plugins by untrusted web scripts. Bug 36375. 2000-05-17 02:38:22 +00:00
mstoltz%netscape.com 3ec39eeed8 Removing archive attribute from nsCertificatePrincipal. This will not be used. 2000-05-16 22:37:38 +00:00
mstoltz%netscape.com 1da9a8a070 Fixing bustage in nsCertificatePrincipal.cpp 2000-05-16 04:15:56 +00:00
mstoltz%netscape.com ecc9b44676 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 2000-05-16 03:40:51 +00:00
danm%netscape.com 6028ba8bff correct typo in last checkin 2000-05-14 10:38:48 +00:00
danm%netscape.com ed11c187c4 new chrome hierarchy 2000-05-14 10:37:30 +00:00
danm%netscape.com e6b9efbec5 top-level chrome dirs are now packages,locales,skins 2000-05-13 21:29:08 +00:00
scc%netscape.com d11c66a210 string backsliding. r=mjudge 2000-05-12 07:53:02 +00:00
mstoltz%netscape.com bf6b5666ee added files: mozilla/caps/idl/nsISignatureVerifier.idl 2000-05-10 01:50:00 +00:00
mstoltz%netscape.com 0f88b44d07 Removed dependency of libjar on psm-glue, bug 36853. Fixed out parameter type problem in PSMComponent::HashEnd 2000-05-10 01:49:33 +00:00
thayes%netscape.com 305c17893f Replace implementation of nsISupports with thread-safe version. This allows
SSL/HTTPS operations to complete on debug builds with thread-safety checking.
r=bryner
2000-05-03 00:04:48 +00:00
mstoltz%netscape.com 2483630a16 Added archive attribute to nsICertificatePrincipal...part of fix for 37481. 2000-05-01 23:39:51 +00:00
nisheeth%netscape.com fa1d77063b 1) Added support for loading an XML document "out of band" from script and manipulating it via dom interfaces.
2) Fixed compile errors in XSL glue code that happened after the recent nsString landing by scc.
3) Added a check for a null URI before de-referencing it in nsCodeBasePrincipal.cpp.
2000-05-01 06:58:53 +00:00
mstoltz%netscape.com c708609856 Fix bustage on Sun and HP compilers...was casting void* to PRInt16. Added intermediate cast. 2000-04-26 20:54:02 +00:00
mstoltz%netscape.com 4794c651b5 Fixes for 27010, 32878, and 32948. 2000-04-26 03:50:07 +00:00
jband%netscape.com 1e434e1384 Do something safe if this call fails 2000-04-25 04:50:49 +00:00
jefft%netscape.com 223fa87dcf fixed bug 17100 - [FEATURE] enabled partial message download for pop3 2000-04-25 01:48:00 +00:00
mstoltz%netscape.com 200b920525 Backing out changes until I can figure out why it's crashing on startup. 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com 9ac7780368 Fixes for bugs 27010, 32878, 32948. 2000-04-23 20:30:29 +00:00
danm%netscape.com 622d6fe83b dist...chrome restructuring 2000-04-19 21:42:30 +00:00
scc%netscape.com a8cf7f51f8 making string conversions explicit 2000-04-15 05:29:33 +00:00
norris%netscape.com a3caa18f07 Fix
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com 9ec188bd3a # 34082
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
2000-04-05 02:32:07 +00:00
cls%seawood.org 57978e5c23 Moved static MOZ_COMPONENT_NSPR_LIBS, MOZ_COMPONENT_XPCOM_LIBS, MOZ_COMPONENT_LIBS definitions from configure.in to config.mk. Replaced -lxpcom in Makefiles to $(XPCOM_LIBS) so that we can optionally link against -lboehm when needed. Bug #31287 2000-04-04 04:46:38 +00:00
scc%netscape.com 080a801eb7 making string conversions explicit 2000-04-01 00:39:02 +00:00
scc%netscape.com c3b3057466 make string conversions explicit 2000-04-01 00:36:50 +00:00
scc%netscape.com cf70fe20e4 turn on source browser in debug build; moved camelot added files into their right spots 2000-04-01 00:32:53 +00:00
mstoltz%netscape.com 72ad6e26bf Fixed bug 30915 using nsAggregatePrincipal. r=norris 2000-03-31 00:31:18 +00:00
warren%netscape.com d60b12b153 Necko API changes: primarily nsIChannel, changing initialization parameters to accessors. Got javascript: evaluation to happen at the right time (when AsyncRead is called) as well as on the right thread. 2000-03-29 03:58:50 +00:00
scc%netscape.com a3093c8f3d small changes to clients of string conversion APIs 2000-03-26 01:19:41 +00:00
norris%netscape.com c7afcfb732 Fix
32088 Circumventing Same Origin security policy using javascript: URLs
        32040 about: can't be link
Also remove deprecated method
r=mstoltz
2000-03-24 22:15:37 +00:00
norris%netscape.com 07a6acc61f Fix bug 32904 Asserts at startup in nsScriptSecurityManager.cpp
r=mstoltz
2000-03-23 23:42:46 +00:00
mstoltz%netscape.com b9b429f835 heckLoadURI now handles jar: URL's correctly. r=norris 2000-03-23 04:37:37 +00:00
norris%netscape.com 1d3c4cb5e3 Fix 31998 nsScriptSecurityManager not thread safe breaks table regress 2000-03-21 23:12:16 +00:00
mstoltz%netscape.com c8d341bf6a added files: mozilla/caps/idl/nsIAggregatePrincipal.idl 2000-03-21 04:06:47 +00:00
mstoltz%netscape.com 402f54ba70 added files: mozilla/caps/src/nsAggregatePrincipal.cpp 2000-03-21 04:06:33 +00:00
norris%netscape.com c19429e137 Adding nsAggregatePrincipal support. r=norris 2000-03-21 04:05:35 +00:00
norris%netscape.com b06e55722c Files:
caps/idl/nsICertificatePrincipal.idl
	caps/idl/nsIPrincipal.idl
	caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com

Files:
	caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com

Files:
	caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com

Files:
	dom/public/nsDOMPropEnums.h
	dom/public/nsDOMPropNames.h
	dom/src/base/nsGlobalWindow.cpp
	modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com

Files:
	dom/src/base/nsJSUtils.cpp
	dom/src/base/nsJSUtils.h
	dom/src/base/nsJSEnvironment.cpp
	dom/tools/JSStubGen.cpp
	layout/base/src/nsDocument.cpp
	layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com

Files:
	layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com 1b7593c2f0 Fix 29419 nsScriptSecurityManager should do casinsensitive compaires
Patch submitted by andreas.otte@primus-online.de
r=norris,a=jar
2000-03-08 04:57:05 +00:00
bryner%uiuc.edu 3e89dbe350 This allows clicked "finger:" links to work. r=norris@netscape.com. 2000-02-26 23:37:08 +00:00
norris%netscape.com edb5d4b27a Fix meta refresh problems with etrade, etc.
r=mstoltz
a='do the right thing'
2000-02-24 19:17:59 +00:00
norris%netscape.com 3d5f67908e Fix 28612 META Refresh allowed in Mail/News
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar
2000-02-23 22:34:40 +00:00
norris%netscape.com 9b91cccb73 Work around bug where dialog message is truncated.
a=chofmann,r=mstoltz
2000-02-19 00:37:02 +00:00
norris%netscape.com 8fe3d34730 Fix 18439 windows.status allows reading links
r=mstoltz
2000-02-11 04:18:39 +00:00
norris%netscape.com 727047fe62 For some reason the sun compiler doesn't like the ?: assignment. 2000-02-10 06:24:38 +00:00
norris%netscape.com 2ac7751db4 Fix bad separator in Makefile problem. 2000-02-10 05:33:49 +00:00
norris%netscape.com 80d944693e Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
scc%netscape.com 5e041e830f Pro5 update 2000-02-07 23:06:04 +00:00
norris%netscape.com d5dbc541db Fix crash in nsCodebasePrincipal::Equals when browser.registration.enable is set to true.
r=racham
2000-02-03 23:47:00 +00:00
norris%netscape.com 0ce518b2ab Fix domain generalization for site-specific security policy.
also fix bug with enablePrivilege.
r=mstoltz
2000-02-03 23:28:36 +00:00
brade%netscape.com 7a8342d9d2 fix paths for move to CW5 (bug #25779) 2000-02-02 15:27:53 +00:00
norris%netscape.com 131271ae68 Fix bug #25864 watch() vulnerability
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com 2445cfc5f1 Fix warning. 2000-01-27 15:59:34 +00:00
norris%netscape.com e7f484f030 Fix 23227 Document object vulnerability
r=mstoltz
2000-01-26 15:33:57 +00:00
jband%netscape.com bf596d809e Lots of xpconnect bug fixes...
- fix bug 12954 "should throw when setting non-settable props".

- fix bug 13418 "xpconnect needs to be threadsafe".
I think I filled in the cracks. Tests would be nice :)

- fix bug 22802 "[MLK] XPConnect Leaks".

- fix bug 24119 "[MLK] Reminder about cleaning up maps".

- fix bug 24453 "xpconnect needs default security manager".
I also changed the code in DOM and caps to just install a default secman and
not install a secman for each JSContext.

- fix bug 24687 "xpconect should avoid resolve performance suckage".
Added (modified) patch from shaver to create my JSObjects with the
global object as the temporary proto to avoid losing lookup.

- hack for bug 24688 "runtime errors in wrapped JS are not made obvious"
Added a debug only printf. We still need a JSErrorConsole service for this.

- fix bug 16130 "createInstanace and getService can create wrappers around wrappers"
Fixing this one really entailed changing the semantics of nsIXPConnect::wrapNative
and nsIXPConnect::wrapJS to use common code in xpcconvert that deals with existing
wrappers and DOM objects (with their own schemes for wrapping and unwrapping).
So, I changed the callers because the params changed slightly and some callers
were doing more work than necessary given the new semantics.

- Continued in the crusade to replace manaual refcounting with nsCOMPtrs whenever
touching old code.

- Added myself as first contributor to xpconnect files (vanity prevails!)

- Added new copyright header on some files that were missing it.

- Added some API comments.

- Converted nsXPCWrappedJS to implement nsIXPConnectWrappedJS via MI rather than
the old loser scheme of the nsIXPConnectWrappedJSMethods tearoff object.

- added DumpJSStack as globals to xpconnect and DOM dlls to be callable from
debuggers. I have ideas on how to improve and expand this support soon.

r=mccabe
2000-01-26 08:38:10 +00:00
norris%netscape.com e753eaa792 Files:
caps/include/nsScriptSecurityManager.h
	caps/src/nsScriptSecurityManager.cpp
	modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson

Files:
	dom/src/base/nsGlobalWindow.cpp
	layout/base/src/nsDocument.cpp
	layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.


Files:
	dom/src/jsurl/nsJSProtocolHandler.cpp
	webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth

Files:
	layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
mstoltz%netscape.com ce5d6f919f Fixed build blocker on HPUX, AIX, and Solaris by adding a cast. r=norris a=jar bug=24322 2000-01-20 00:19:30 +00:00